The discussion on this thread was directly related to the Lighthouse64 issues and bugs which I reported, Some of these, related to DVD-load operation, were deflected or dismissed with the observation that a frugal install on a USB flash drive would make more sense. Since I do not agree, I chose to address that claim by discussing the issues which make a flash install less than ideal, thus presenting DVD-boot as the superior solution. That obviously makes *this* the correct place to discuss those issues. *This* is the place for developing those views through discussion and argument, for those who wish to do so.

I think it is important to note that it is Does NOT Matter whether it is a Frugal Puppy/Full Puppy/Live-Media Puppy on the issue of Malware in the system.

Most of us should understand that even though there are some advantages to booting one vs another, the running system with the triggers that malware presents is whats of concern.

Here to helps_________________Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Enginesor use DogPile

Most of us should understand that even though there are some advantages to booting one vs another, the running system with the triggers that malware presents is whats of concern.

If I do get what you intend here then I do agree.

But as Flash our most active Moderator often point out
that if one do as he suggests to boot using a CD
and to have a USB a save file and to only
connect that one if there is something important
and use the CD or DVD to save other small changes.

And the most important. To take out the Harddisk from
that computer then that set up is rather safe.

Especially if one reboot now and then to get rid
of the malware that have entered?

My naive question for us who can not use CD/DVD
and have to use USB instead.

Suppose I take out the HD and only connect
an eternal HD when I want to save something important.

Okay maybe the malware is clever enough to sense that
connection and sneak it's bad code over to that HD?
while I save the scientific pdf texts and .doc and so on.
For to prevent that to happen could one do like this?

I take out the HD and only boot frugally from USB
and that one having a partition too small to have
room or any malware? Then it has another partition
for savefile but which are password protected?

Would the malware be able to sneak over the bad code then?
Would it read the password while I save something?

And to be extra cautious if I want to save on the big
external HD then I save it first on the save partition
on usb and then shut down the computer and
then boot up again and save on the external by
copy over from the usb? I mean the malware
would be gone and can not copy over the bad
code because that one need the active program
that lurk in RAM memory?

Or am I too naive here? sorry for confusing text_________________I use Google Search on Puppy Forum
not an ideal solution though

Posted: Wed 15 Aug 2012, 19:24 Post subject:
Why use Live media? ... a single view of its use

Here's how I have used my PUPs over the years.

I build my Live media from a Puppy ISO. I insure that it is built in Multi-session mode. One then boots the Live media created from the ISO, and uses the PUP as they see fit. This includes web needs, subsystems added from PPM, tailoring, and data generation/manipulation as one finds necessary. When they have completed their use (and this could be weeks later in some of my cases) when I shutdown I am asked if I want to save all prior work that was done in the system. I reply Yes and target it to the CD, and Puppy takes care to save all of my work that exist in the PUPPY filesystem(s).

When Puppy reboots, it detects the saved session(s) and incorporates the save session into the running OS.

What I just described is that NOTHING is written onto ANY media until I, personally, instruct the system to do so. There is another means for me to use as provided by some/most Puppy distros; namely, a "button" on the desktop that will execute a save-session to take an interim snapshot of my running Puppy.

From a security standpoint, I am in control. The only time this can be compromised (and it can be compromised) is if someone pushes my buttons.

It is meaningful to understand that given the right kind of information, and an understanding of behavior, there are methods which can be brought to bear to exploit any of us. But, there must be an environment for this to occur and an understanding on behavior such that an exploitation can occur.

I am NOT sharing this as a demo of how to be secure! I am sharing it to show that in my case, my booted system is safe and intact prior to any save-session I do. But, for those PCs that I use in production (meaning, I have them running all the time, I rarely boot/reboot them unless I want to save an instance of the system for some reason). And, since everything that occurs is real-time in the RAM filesystem, I have a limited exposure that would force eradication of a breach; namely the offending save session.

My Live media (DVD/CD/BluRay) has timed stamped save-sessions. I can use or physically delete any particular save session that I might want to (but, this is a manual operation, for Puppy does not provide tools to do this as of this posting.)

Live media is one safe methodology if for no other reason than the fact that one can selectively discard, or boot without certain save-session on the Live media.

Thus, one can consider this physical security versus some automated internal subsystem such as an Antivirus Subsystem. I do PPM install Antivirus software to be used to periodically check the system. I sometimes do boot other OSes and the virus signatures are routinely scanned for anyway, even though I recognize that exposure is limited.

In contrast, a Frugal and Full installations have their Puppy filesystems active to the running system and things are mounted to the running system at boot time. These have a differing level of exposure that requires different management.

I hope this give some understanding that contributing members can point to for better understanding of why some of us may choose Live media booting. The advantages of using Live media outweigh the need for shortened boot time. In my cases, the fact that it takes 1-3 minutes to boot does NOT poised a negative impact for me given that once its up, it does everything the Frugal-Full systems can do. It may be thought to be faster because there is NO need to access anything other than the RAM based filesystem to operate. (NOTE: I always have a partition on HDD that is a SWAP partition as this provide a measure of system stability without impacting performance.) My systems that I use all the time (2 PCs) run all the time and are almost never rebooted after initial setup and tailoring. Thus boot time in non-existent in comparison to up-time and use-time.

Here to help_________________Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Enginesor use DogPile

In general, puppy is secure because it is different. Malware is coded with a specific environment in mind.

However, consider this...

Running as root means that you have the right to run any command. A script running "dd if=/mnt/home/puppy/usb-image.iso of=/dev/sdc" as an example can burn an ISO image to the CD. Is it possible to ruin a CD and make it not bootable with dd? Yes, I believe so. Perhaps it would not be a loss of data for you depending on your practice but definitely it could be a time consuming annoyance to get back up and running.

Running as a restricted user would protect from such a command. But the nature of viruses and malware is that the payload is not always immediately evident. One can get a seemingly harmless program and use it for a very long time before the harmful payload is seen. In this case to protect from such a payload you would have to make a practice of always running as a restricted user, any code that could be infected.

Requiring buttons to be pressed, drives to be mounted, or scripts to run to perform "administrative" functions only adds protection if these requirements are not known to the attacker, or if they are not able to be run or done as the restricted user that the attacker has managed to get access to. (Note: GUI elements such as buttons, don't "do" anything in themselves, they call scripts or binary code to perform the activity).

Ultimately we have to make a decision to trust the code we are running, the source of that code and so on. Even the Linux kernel could have deliberate security vulnerabilities, but we trust that those people who review the source code, and the source code for the compilers which produce the binary executable, have our best interests in mind.

For my part, I use the browser as Spot. I generally download and compile from source the programs that I include in my SFS files. I remove any code that has been installed into the personal save files, and in the case of my USB puppy I only save changes at shut down and then I'm prompted by the shutdown script to decide if I want to save (customizations I have made). I trust that the original puppy ISO is free of malware. I use OpenVPN to tunnel to my home network for Internet access when I am away, so my communication is encrypted even if I'm connecting to an open wireless access point. I have Avast antivirus and occasionally update the definitions and scan all the files. Even Avast and the definitions are loaded from an SFS file at boot time.

Besides having backups of the personal save files and other data saved on separate USB sticks there is not much else to do.

My only real reason for wishing for multiuser support beyond Spot in Puppy has been when installing 3rd party binary applications where they refuse to run as root. Many of them will not run as Spot either.

whilst i can't actually test the software you're wanting to use, i've had some success using this to run stuborn 'root hating' programs http://www.murga-linux.com/puppy/viewtopic.php?t=72667 once installed you'll need to alter the' /usr/bin/puppy-chrome ' script to point at the binary you're trying to run.

whilst i can't actually test the software you're wanting to use, i've had some success using this to run stuborn 'root hating' programs http://www.murga-linux.com/puppy/viewtopic.php?t=72667 once installed you'll need to alter the' /usr/bin/puppy-chrome ' script to point at the binary you're trying to run.

2. many says running puppy as root has no problem, it is safe.
-Do they mean, running puppy from CD/DVD is safe?
-Do they mean, running puppy from HDD frugal is safe?
-Do they mean, running puppy from HDD full installation is safe?

When I goto IRC, it prints, running root is unsafe! Still we can go. But biggest trouble is, some IRC servers like DALNet doesn't even let us go in! Directly refusing stating that you are logged in as root!

I think many Puppy Linux users would agree that safety really is up to the individual using common sense whether one runs as root or not...

Quote:

When I goto IRC, it prints, running root is unsafe! Still we can go. But biggest trouble is, some IRC servers like DALNet doesn't even let us go in! Directly refusing stating that you are logged in as root!

What to do about it?

In this circumstance, one can choose to run as a user with limited rights (non root access) in Puppy Linux. One can use spot:

Code:

# su -l spot
# whoami
spot
# exit
logout
# whoami
root

Monsie_________________My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.

Seems to be very individual these things.
I am a pessimist. I trust that nothing on internet is safe.

As soon as you connect to internet some ill willing person
can have a program that target you personally and them
do their best to hack in.

What I have heard is that being non-root only protect the
files in that restricted use area. The hacker could still
hack themselves into the root account if they have that knowledge
and resources and so on.

So maybe we should not be too overly confident but
also be realistic about it?

I know too little._________________I use Google Search on Puppy Forum
not an ideal solution though

My only real reason for wishing for multiuser support beyond Spot in Puppy has been when installing 3rd party binary applications where they refuse to run as root. Many of them will not run as Spot either.

For the record... Will you provide some examples of 3rd party apps you've found that refuse to run either as root or as spot in Puppy?

Thanks,
Monsie_________________My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.

Another thing is that, many of our members say, puppy linux was created to be used as a single user system. It cant be used as a server.

1. To my knowledge, linux itself is a multiuser os.
So, how puppy linux is single user system?

2. We are happy that puppy linux be better used as a Desktop os, a single user system. When question os adding another user comes, why people think that it shall be used as a server? I think, when people say, add another unpriviledged user, they mean providing a less permitted user, but again they will use their system as a simple Desktop, not a server in the university or their office! Cant we make it such that it adds just a less priviledged user and yet work as Desktop only, no server functionality and no connections from outside to the machine. (which i think, is the need of a server)

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum